I have a lot of passwords from various websites. I never use the same one twice, but the problem is that I keep forgetting them so I want to save them somewhere. If I'm on the same computer I can save them in the browser. However, that doesn't work across computers. Is there a safe way to store the passwords somewhere online?

Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.

They are subtly similar, which is why there's voting. If enough other people agree with my thought that they are very close, then they might end up merged. If nobody else casts the same vote, they won't. That's how the system works.
– Adam TuttleJul 2 '10 at 19:20

17 Answers
17

I suggest the use of Keepassx, an cross-platform password manager, and Dropbox. Create your password database with Keepassx and then synchronize it across all of your computers using Dropbox. I've used this approach for about a year and a half with no issues.

(I should also mention that Dropbox keeps older revisions of files so even if your database is lost, deleted, or corrupted it can be recovered. Between the version on the dropbox servers and the version on each of the machines you sync it to, you have a built in backup system)

Also making a backup to a USB stick on your keychain is a good way to have your passwords with you if you don't have access to dropbox. There is a portable version of Keepassx that you can run off the keychain also.
– thelsdjJul 1 '10 at 0:30

2

I've used keepass for years and it's great (both the Windows and *nix variants). Have a simple backup solution of emailing the databases to a couple email addresses every week (if modified; all automated of course) since it's encrypted, which also works out well if I'm elsewhere and the copy on my thumbdrive is old.
– Roger PateJul 1 '10 at 1:32

@Jeff Yates: There are other alternatives to dropbox, especially if being cross-platform is less of an issue for you. Take a look at unison ( cis.upenn.edu/~bcpierce/unison ), Syncplicity ( syncplicity.com ), and SugarSync ( sugarsync.com ). However, I haven't tried any of these and have no idea their quality and utility.
– ZxaosJul 1 '10 at 14:27

@JeffYates Google Drive is good as well.
– ComputerLocusMar 17 '13 at 23:06

I pay $12/year for the premium version -- the big advantage is that I can use the iPhone app.
– Doug HarrisJul 1 '10 at 14:27

1

Upvote for Lastpass. I have switched to Lastpass and been using it for the last couple of months, and could not be happier: * Keeps passwords in sync across multiple machines * Keeps passwords in sync across multiple browsers (Firefox, Chrome, IE, etc.) * Does not store un-encrypted passwords on their server so its less vulnerable to malicious users * Easy to use! * Free (there is a premium version with more capabilities) I can't imagine living without Lastpass anymore.
– joyjitJul 9 '10 at 17:53

+1000 I and all my friends/co-workers recently switched from KeyPassX to LastPass. It's got all the benefits of KeyPass (and many more) with none of the problems. It is also just as secure as KeyPass (none of the passwords are actually stored/transferred on their servers, all encryption/decryption is done client-side)
– BlueRaja - Danny PflughoeftOct 1 '10 at 2:31

I've been using 1Password for a while now, and really like it. It started out as Mac only, but they recently came out with a version for Windows. They also have versions for Android, iOS (iPhone, iPad), and Palm OS. When combined with dropbox, it allows you to keep your passwords synced across systems.

Interesting because it does not require any encryption software. You can even post the second list on a public website, if you trust yourself not to reveal the first half.
– nicJul 26 '10 at 6:34

besides this, I also like to use the first letter of the website/product/service. e.g for facebook, f+pass :P
– ajax333221Sep 4 '12 at 2:12

1

My concern is that if any of your full passwords is compromised, combined with your plain text half-password list which will contain the last half of the full password... this could jeopardize all your passwords.
– Kevin FeganJan 24 '13 at 4:06

If you use a password manager and store its database on portable media (USB stick etc.), don't use it from a computer that may be infected with malware (Internet Caffe, careless friend's computer,...). The malware has the potential to extract all URLs/usernames/passwords from the database after you unlock it with the master password, not only the ones you retrieve.

I'm a big fan of PwdHash, which allows you to use the same underlying password on different web sites, with unguessable "hashed" actual passwords for each specific site. That way if someone at EvilSite.com gets your password, they can't use it to log into your Facebook or Gmail accounts. There's a plugin to use it on your usual computer, and you can use the PwdHash web site if you're on some other computer. Note that your unhashed password never ever goes over the internet, just the hashed password.

You can try Passpack.com as an alternative to Lastpass.com. They both have similar functionalities. I personally prefer Passpack. It supports many 3rd party sign on sites, master password, two-factor authentication, password sharing, note taking, mobile version, etc.

You could take the source of PwdHash, introduce some hashing salt of your own, and host it yourself privatly (or run it of your local devices.)

To introduce even more security to this model, you could split the sites you access up into different security groups with different group passwords.

The draw-back of using something like PwdHash is that you do not actually store the account information. This does mean it cannot be stolen either, but it requires you to at least remember the username and optionally security level (as mentioned above).

Another problem rises wen a site refuses to accept the hashed password due to some or other requirement on their end. Or I'd you needed to change just one password. This would mean that you would have to change all or at least all in that security group.

The better—though more crude—option is probably a self-hosted service like Clipperz or centrally hosted but provider-safe service like LastPass.